Ben Craig created THRIFT-1687:
---------------------------------
Summary: Use Microsoft SafeInt (or reasonable alternative) to
protect against integer arithmetic attacks
Key: THRIFT-1687
URL: https://issues.apache.org/jira/browse/THRIFT-1687
Project: Thrift
Issue Type: Improvement
Components: C++ - Library
Affects Versions: 0.8, 0.9
Environment: This is a concern on all OSes. Microsoft SafeInt works
on the major desktop OSes.
Reporter: Ben Craig

There are a lot of scary casts and integer truncations in the C++ Thrift
library. Microsoft has a template class that will throw an exception when any
kind of integer overflow has happened ( http://safeint.codeplex.com/ ).
SafeInt is released under the Microsoft Public License, which ASF has deemed
suitable as a dependency for Apache products (
http://www.apache.org/legal/resolved.html#category-a ).
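To make the concern in the report concrete, here is an added example (not code from Thrift or from SafeInt) that contrasts a silently truncating cast with a checked conversion that throws. It uses only standard C++; the wire format, `kHeaderBytes`, and all function names are hypothetical.

```cpp
#include <cstdint>
#include <stdexcept>
#include <type_traits>

// Integer conversion that throws instead of silently truncating or
// flipping sign. Stand-in for a checked-integer class; not SafeInt itself.
template <typename To, typename From>
To checked_cast(From v) {
    static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                  "checked_cast is for integer types only");
    const To r = static_cast<To>(v);
    // The value must survive the round trip and keep its sign.
    if (static_cast<From>(r) != v || ((r < To(0)) != (v < From(0))))
        throw std::overflow_error("integer conversion changes value");
    return r;
}

// Checked 32-bit addition: compute in 64 bits, then narrow with a check.
int32_t checked_add(int32_t a, int32_t b) {
    return checked_cast<int32_t>(static_cast<int64_t>(a) + b);
}

// Hypothetical wire format: a 4-byte signed length prefix before a payload.
const int32_t kHeaderBytes = 4;

// The "scary cast": 0x100000010 becomes 16, 0x80000000 becomes negative.
int32_t unchecked_wire_length(uint64_t payload_len) {
    return static_cast<int32_t>(payload_len);
}

// Hardened form: oversized payloads raise instead of wrapping.
int32_t checked_wire_length(uint64_t payload_len) {
    return checked_cast<int32_t>(payload_len);
}

// Total frame size; INT32_MAX + header would overflow a plain int32_t add.
int32_t checked_frame_size(int32_t payload_len) {
    return checked_add(payload_len, kHeaderBytes);
}

// Helpers that report rejection as a bool instead of an exception.
bool rejects_length(uint64_t payload_len) {
    try { checked_wire_length(payload_len); } catch (const std::overflow_error&) { return true; }
    return false;
}
bool rejects_frame(int32_t payload_len) {
    try { checked_frame_size(payload_len); } catch (const std::overflow_error&) { return true; }
    return false;
}
```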